Description of problem:
Registering a system as a user other than the default admin user fails with an "Invalid credentials" (and a 401 error on katello log) message.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Created a Bloomberg user and assigned him the administrator role and the Base (Locker > Base) environment for my NY Data Center environment
2. Booted a vanilla RHEL 6.1 system and followed the instructions to edit rhsm.conf and adding candlepin's certificate to it (see https://fedorahosted.org/katello/wiki/GuideSystemRegistrationClient)
3. Through the web UI, I proceeded to add this system as a new system
4. SSHed into the client and tried to perform the registration process using subscription-manager

Actual results:
The output of registration-manager register --force --username=Bloomberg --password=***** was:
Invalid credentials

Expected results:

Additional info:
katelloschema=> select * from users where username = 'Bloomberg';
 4 | Bloomberg | ad03c6df04cdb2a789ee6db08c9668f3fc9abe87b594a846b6e22e865bbe9aa1bb837b9b85b4dd0ace1c690f0d2be57b6edff262914cfd948ae4cbe8d0122aa0oZxY2HQQk3QzD67dmBg2tK kQOHKDahI4DT1oWP6M8RIXqQrnehocYLHMrEEguMpt | t | 2011-12-08 16:28:27.945881 | 2011-12-12 18:28:57.032247 | 6 | 25 | f | <EMAIL> | |

katelloschema=> select * from roles_users where user_id = 4;
 role_id | user_id
---------+---------
       6 |       4
       1 |       4

katelloschema=> select * from roles where id in (1, 6);
 id | name                           | created_at                 | updated_at                 | description
----+--------------------------------+----------------------------+----------------------------+--------------------------------------
  1 | Administrator                  | 2011-12-07 19:07:23.650532 | 2011-12-07 19:07:23.650532 | Super administrator with all access.
  6 | Bloomberg_aF9yvJIo441CSYU9XHN7 | 2011-12-08 16:28:27.934124 | 2011-12-08 16:28:27.934124 |

katelloschema=> select * from systems;
 id | uuid                                 | name           | description                 | location | environment_id | created_at                 | updated_at                 | system_template_id
----+--------------------------------------+----------------+-----------------------------+----------+----------------+----------------------------+----------------------------+--------------------
  1 | c44d088b-7c40-4b62-8261-9cc840d4d737 | rhel6-client-1 | Initial Registration Params | None     |              7 | 2011-12-08 19:45:30.425396 | 2011-12-08 19:45:30.425396 |

katello's log:
Started GET "/katello//api/consumers/c44d088b-7c40-4b62-8261-9cc840d4d737" for 10.16.120.146 at Mon Dec 12 13:55:32 -0500 2011
  Processing by Api::SystemsController#show as JSON
  Parameters: {"id"=>"c44d088b-7c40-4b62-8261-9cc840d4d737", "_json"=>nil}
Completed in 5ms
  Processing by FailedAuthenticationController#unauthenticated_api as JSON
  Parameters: {"auth_username"=>"Bloomberg", "id"=>"c44d088b-7c40-4b62-8261-9cc840d4d737", "auth_password"=>"[FILTERED]", "_json"=>nil}
Request is unauthenticated_api for 127.0.0.1
Completed 401 Unauthorized in 1ms (Views: 0.5ms | ActiveRecord: 0.4ms)

Started POST "/katello//api/consumers/" for 10.16.120.146 at Mon Dec 12 14:34:58 -0500 2011
  Processing by Api::SystemsController#create as JSON
Completed in 5ms
  Processing by FailedAuthenticationController#unauthenticated_api as JSON
Request is unauthenticated_api for 127.0.0.1
Completed 401 Unauthorized in 1ms (Views: 0.4ms | ActiveRecord: 0.7ms)

Started GET "/katello//notices/get_new?_=1323718502165" for 10.11.231.56 at Mon Dec 12 14:35:05 -0500 2011
  Processing by NoticesController#get_new as JSON
  Parameters: {"_"=>"1323718502165"}
Completed 200 OK in 8ms (Views: 0.5ms | ActiveRecord: 1.5ms)

We will be working on a complete audit of all API permissions.
A read-only user can register a system (POST /api/consumers) but it then fails on saving packages (PUT /api/consumers/$id/packages).
@Og:

[root@ofed ~]# subscription-manager register --username user --password useruser --org ACME_Corporation --env env --force
The system with UUID 3b384ad5-1ff2-4aac-8fbd-663d006f353d has been unregistered
The system has been registered with id: 7b14ac3e-ba12-4280-9194-f02c44819cfb
[root@ofed ~]# rpm -q katello
katello-0.1.187-1.git.1.2d46557.el6.noarch
^^^ fixed in this version

@Tom: This has also been fixed today. The same version should work too.

Lukas, I was working with Og to try and reproduce this issue and we hit a confusing situation. His user as outlined above fails to register repeatedly with "invalid credentials":

[root@dhcp77-156 ca]# subscription-manager register --force --username=Bloomberg --password=****
Invalid credentials

but I created a duplicate user with the same default Org and Environment and registration worked fine:

[root@dhcp77-156 ca]# subscription-manager register --force --username=mmccune --password=password
[root@dhcp77-156 ca]#

We couldn't see anything different about the 2 users and I'm not sure why one account works and the other doesn't.

The only difference we finally managed to find was the version of subscription-manager installed on the client. For Mike, subscription-manager-0.96.17-1.el6.x86_64 worked. But for me, subscription-manager-0.95.11-1.el6.x86_64 did not.
Verbose log:
Setting current user thread-local variable to nil
Completed 200 OK in 50ms (Views: 1.7ms | ActiveRecord: 111.2ms)
Resource GET request: /candlepin/status
Headers: {}
Body: {}
Processing response: 200
{"version":"0.5.8","result":true,"standalone":true,"release":"1"}
Warning: Incorrect version , Expected 0.5.10-1, got 0.5.8-1

Started POST "/katello/api/consumers/" for 10.16.120.164 at Tue Jan 24 11:19:07 -0500 2012
  Processing by Api::SystemsController#create as JSON
Setting locale: en
Warden is authenticating Bloomberg against database
  User Load (0.8ms) SELECT "users".* FROM "users" WHERE "users"."username" = 'Bloomberg' LIMIT 1
Completed in 23ms
  Processing by FailedAuthenticationController#unauthenticated_api as JSON
Request is unauthenticated_api for 127.0.0.1
Completed 401 Unauthorized in 2ms (Views: 1.6ms | ActiveRecord: 105.4ms)

Started GET "/katello/notices/get_new?_=1327421992848" for 10.11.230.241 at Tue Jan 24 11:19:47 -0500 2012
  Processing by NoticesController#get_new as JSON
  Parameters: {"_"=>"1327421992848"}
  User Load (0.7ms) SELECT "users".* FROM "users" WHERE "users"."id" = 1 LIMIT 1
Setting locale: en
Setting current user thread-local variable to admin
  Notice Load (0.5ms) SELECT notices.id, text, level, request_type FROM "notices" INNER JOIN "user_notices" ON "user_notices"."notice_id" = "notices"."id" WHERE (user_notices.user_id = 1 AND user_notices.viewed = 'f')
  UserNotice Load (0.3ms) SELECT "user_notices".* FROM "user_notices" WHERE ("user_notices".user_id = 1)
Setting current user thread-local variable to nil
Completed 200 OK in 8ms (Views: 0.5ms | ActiveRecord: 1.4ms)

It's most likely a bug in rhsm - we are receiving two extra characters in the password string: >>> tclmeSRS�" <<< It's some kind of unique sequence concatenated with quotes. In ASCII this is: tclmeSRS\357\277\275\" We can't do anything with it in katello. I will ask RHSM guys first, we will see what is wrong.
Clue: the strange chars appear in the password when the username is longer than 8 chars. e.g. user testtest should work, testtestt doesn't
Okay so it turns out Apache httpd mangles the Authorization HTTP header for an unknown reason! Rhsm sends this:

    Authorization: Basic Qmxvb21iZXJnOnRjbG1lU1JT

but Apache adds ", Basic" to it:

    Authorization: Basic Qmxvb21iZXJnOnRjbG1lU1JT, Basic

And Rails 3 decodes the header this way (https://github.com/rails/rails/blob/d65b76642637928f64c9aa092e305238eb3b6f4f/actionpack/lib/action_controller/metal/http_authentication.rb#L143):

    >> Base64.decode64('Basic Qmxvb21iZXJnOnRjbG1lU1JT, Basic'.split(' ', 2).last || '')
    => "Bloomberg:tclmeSRS\005\253\""

And that's the issue. Now, the only question is - is it a bug in httpd or rails? Looks like we need to read the RFC in this case :-)

http://en.wikipedia.org/wiki/Basic_access_authentication
So it looks like an httpd bug since neither HTTP/1.0 nor HTTP/1.1 supports anything other than:

    Authorization: Basic BASE64_ENCODED_STUFF

http://tools.ietf.org/html/rfc1945#section-11
http://tools.ietf.org/html/rfc2617#section-2
There is this line in /etc/httpd/conf.d/pulp.conf coming with the pulp rpm:

    RequestHeader append Authorization "Basic" early

This adds ", Basic" to our Authorization header. Removing this line seems to fix this issue.
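The decode described in the comments above, reproduced as an added Ruby example (not code from Katello, Pulp or Rails). `apache_append` models the comma-joining that `RequestHeader append` performs, `lenient_decode` is the expression quoted from Rails 3, and `strict_basic_credentials` is a hypothetical stricter parser that rejects the mangled header instead of returning a corrupted password.

```ruby
require 'base64'

# Header the client sent, as quoted in the comment above.
CLIENT_HEADER = 'Basic Qmxvb21iZXJnOnRjbG1lU1JT'

# Model of mod_headers "RequestHeader append": a value merged onto an
# existing header is separated from it by a comma and a space.
def apache_append(existing, value)
  existing.nil? || existing.empty? ? value : "#{existing}, #{value}"
end

# The lenient decode quoted from Rails 3. Base64.decode64 silently skips
# characters outside the base64 alphabet, so ", Basic" is not rejected:
# "Basi" decodes to three extra bytes and the trailing "c" is dropped.
def lenient_decode(header)
  Base64.decode64(header.split(' ', 2).last || '')
end

# Hypothetical strict parser (an assumption, not an existing API): accept
# exactly one scheme token followed by one well-formed base64 token.
# Returns [user, password], or nil for anything else.
def strict_basic_credentials(header)
  m = /\ABasic +([A-Za-z0-9+\/]+={0,2})\z/i.match(header.to_s)
  return nil unless m

  user, password = Base64.strict_decode64(m[1]).split(':', 2)
  password.nil? ? nil : [user, password]
rescue ArgumentError
  # strict_decode64 raises on bad length or padding
  nil
end

if __FILE__ == $PROGRAM_NAME
  mangled = apache_append(CLIENT_HEADER, 'Basic')
  puts "header seen by the app : #{mangled}"
  puts "lenient decode         : #{lenient_decode(mangled).inspect}"
  puts "strict, clean header   : #{strict_basic_credentials(CLIENT_HEADER).inspect}"
  puts "strict, mangled header : #{strict_basic_credentials(mangled).inspect}"
end
```

With the strict parser the request fails as a malformed header rather than as a wrong password, which points at the proxy configuration instead of the user's credentials.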
Ok Ivan recommends this in our puppet:

    common::line { "don_not_touch_auth_headers":
      file   => "/etc/httpd/conf.d/pulp.conf",
      line   => 'RequestHeader append Authorization "Basic" early',
      before => Class["pulp::service"],
      ensure => absent;
    }

But James points out it will break yum, because repo auth code won't work without this header. We will need to come up with a different solution.
Maybe we could put that line into <Directory /var/www/pub/repos>, so that no other paths would be affected. James?
Filed a BZ for that: https://bugzilla.redhat.com/show_bug.cgi?id=784638
Fixed in Pulp build: 0.265
Validated on:
* katello-cli-common-0.1.44-2.el6.noarch
* katello-certs-tools-1.0.2-2.el6.noarch
* katello-glue-candlepin-0.1.222-2.el6.noarch
* katello-trusted-ssl-cert-1.0-1.noarch
* katello-glue-pulp-0.1.222-2.el6.noarch
* katello-all-0.1.222-2.el6.noarch
* katello-repos-0.1.5-1.el6.noarch
* katello-glue-foreman-0.1.222-2.el6.noarch
* katello-0.1.222-2.el6.noarch
* katello-configure-0.1.61-2.el6.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-cli-0.1.44-2.el6.noarch
* katello-common-0.1.222-2.el6.noarch
* katello-selinux-0.1.3-1.el6.noarch
* katello-httpd-ssl-key-pair-1.0-1.noarch
* pulp-common-0.0.265-1.el6.noarch
* pulp-0.0.265-1.el6.noarch
* katello-glue-candlepin-0.1.222-2.el6.noarch
* candlepin-tomcat6-0.5.16-1.el6.noarch
* candlepin-0.5.16-1.el6.noarch
getting rid of 6.0.0 version since that doesn't exist